Total
248982 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-6180 | 1 Emc | 2 Rsa Netwitness Nextgen, Rsa Security Analytics | 2023-12-10 | 6.8 MEDIUM | N/A |
| EMC RSA Security Analytics (SA) 10.x before 10.3, and RSA NetWitness NextGen 9.8, does not ensure that SA Core requests originate from the SA REST UI, which allows remote attackers to bypass intended access restrictions by sending a Core request from a web browser or other unintended user agent. | |||||
| CVE-2014-0621 | 1 Technicolor | 2 Tc7200, Tc7200 Firmware | 2023-12-10 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Technicolor (formerly Thomson) TC7200 STD6.01.12 allow remote attackers to hijack the authentication of administrators for requests that (1) perform a factory reset via a request to goform/system/factory, (2) disable advanced options via a request to goform/advanced/options, (3) remove ip-filters via the IpFilterAddressDelete1 parameter to goform/advanced/ip-filters, or (4) remove firewall settings via the cbFirewall parameter to goform/advanced/firewall. | |||||
| CVE-2012-1965 | 1 Mozilla | 2 Firefox, Firefox Esr | 2023-12-10 | 4.3 MEDIUM | N/A |
| Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 do not properly establish the security context of a feed: URL, which allows remote attackers to bypass unspecified cross-site scripting (XSS) protection mechanisms via a feed:javascript: URL. | |||||
| CVE-2012-0376 | 1 Cisco | 1 Unified Communications Manager | 2023-12-10 | 5.0 MEDIUM | N/A |
| The voice-sipstack component in Cisco Unified Communications Manager (CUCM) 8.5 allows remote attackers to cause a denial of service (core dump) via vectors involving SIP messages that arrive after an upgrade, aka Bug ID CSCtj87367. | |||||
| CVE-2013-2798 | 1 Selinc | 4 Sel-2241, Sel-3505, Sel-3530 and 1 more | 2023-12-10 | 4.7 MEDIUM | N/A |
| Schweitzer Engineering Laboratories (SEL) SEL-2241, SEL-3505, and SEL-3530 RTAC master devices allow physically proximate attackers to cause a denial of service (infinite loop) via crafted input over a serial line. | |||||
| CVE-2013-0273 | 1 Pidgin | 1 Pidgin | 2023-12-10 | 5.0 MEDIUM | N/A |
| sametime.c in the Sametime protocol plugin in libpurple in Pidgin before 2.10.7 does not properly terminate long user IDs, which allows remote servers to cause a denial of service (application crash) via a crafted packet. | |||||
| CVE-2012-2357 | 1 Moodle | 1 Moodle | 2023-12-10 | 5.0 MEDIUM | N/A |
| The Multi-Authentication feature in the Central Authentication Service (CAS) functionality in auth/cas/cas_form.html in Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 does not use HTTPS, which allows remote attackers to obtain credentials by sniffing the network. | |||||
| CVE-2012-5550 | 2 Carlos Carvalhar, Drupal | 2 Time Spent, Drupal | 2023-12-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Time Spent module 6.x and 7.x for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2012-4611 | 1 Emc | 1 Rsa Adaptive Authentication On-premise | 2023-12-10 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Adaptive Authentication On-Premise (AAOP) before 7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2012-3215 | 1 Sun | 1 Sunos | 2023-12-10 | 1.7 LOW | N/A |
| Unspecified vulnerability in Oracle Sun Solaris 10 and 11, when running on SPARC, allows local users to affect confidentiality via unknown vectors related to Kernel. | |||||
| CVE-2013-1789 | 1 Freedesktop | 1 Poppler | 2023-12-10 | 4.3 MEDIUM | N/A |
| splash/Splash.cc in poppler before 0.22.1 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to the (1) Splash::arbitraryTransformMask, (2) Splash::blitMask, and (3) Splash::scaleMaskYuXu functions. | |||||
| CVE-2012-3690 | 1 Apple | 1 Safari | 2023-12-10 | 4.3 MEDIUM | N/A |
| WebKit in Apple Safari before 6.0 does not properly handle drag-and-drop events, which allows user-assisted remote attackers to read arbitrary files via a crafted web site. | |||||
| CVE-2013-6798 | 3 Apple, Blackberry, Microsoft | 3 Mac Os X, Blackberry Link, Windows | 2023-12-10 | 5.8 MEDIUM | N/A |
| BlackBerry Link before 1.2.1.31 on Windows and before 1.1.1 build 39 on Mac OS X does not properly determine the user account for execution of Peer Manager in certain situations involving successive logins with different accounts, which allows context-dependent attackers to bypass intended restrictions on remote file-access folders via IPv6 WebDAV requests, a different vulnerability than CVE-2013-3694. | |||||
| CVE-2013-6337 | 1 Wireshark | 1 Wireshark | 2023-12-10 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in the NBAP dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 allows remote attackers to cause a denial of service (application crash) via a crafted packet. | |||||
| CVE-2013-5561 | 1 Cisco | 1 Adaptive Security Appliance Cx Context-aware Security Software | 2023-12-10 | 5.0 MEDIUM | N/A |
| The Safe Search enforcement feature in Cisco Adaptive Security Appliance (ASA) CX Context-Aware Security Software does not properly perform filtering, which allows remote attackers to bypass intended policy restrictions via unspecified vectors, aka Bug ID CSCui94622. | |||||
| CVE-2013-4056 | 1 Ibm | 1 Infosphere Information Server | 2023-12-10 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Data Quality Console and Information Analyzer components in IBM InfoSphere Information Server 8.7 through FP2 and 9.1 through 9.1.2.0 allows remote attackers to hijack the authentication of arbitrary users. | |||||
| CVE-2012-4908 | 1 Google | 2 Android, Chrome | 2023-12-10 | 7.5 HIGH | N/A |
| Google Chrome before 18.0.1025308 on Android allows remote attackers to bypass the Same Origin Policy and obtain access to local files via vectors involving a symlink. | |||||
| CVE-2012-6274 | 1 Bigantsoft | 1 Bigant Im Message Server | 2023-12-10 | 5.0 MEDIUM | N/A |
| BigAntSoft BigAnt IM Message Server does not require authentication for file uploading, which allows remote attackers to create arbitrary files under AntServer\DocData\Public via unspecified vectors. | |||||
| CVE-2013-3923 | 1 Savysoda | 1 Wifi Free Hd | 2023-12-10 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in SavySoda WiFi HD Free before 7.0 allows remote attackers to read arbitrary files via a ..%2f (encoded dot dot slash) in a GET request. | |||||
| CVE-2012-2528 | 1 Microsoft | 6 Office Compatibility Pack, Office Web Apps, Sharepoint Server and 3 more | 2023-12-10 | 9.3 HIGH | N/A |
| Use-after-free vulnerability in Microsoft Word 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Word Viewer; Office Compatibility Pack SP2 and SP3; Word Automation Services on Microsoft SharePoint Server 2010; and Office Web Apps 2010 SP1 allows remote attackers to execute arbitrary code via a crafted RTF document, aka "RTF File listid Use-After-Free Vulnerability." | |||||